man/man-db-2.4.3-CVE-2006-4250.dif


--- src/man.c
+++ src/man.c 2007-04-16 17:24:18.424390534 +0200
@@ -1795,32 +1795,35 @@ static pipeline *make_browser (const cha
{
pipeline *p;
char *browser;
- int command_len = strlen (command) * 2 + strlen (file) + 1;
int found_percent_s = 0;
char *percent;
char *esc_file;
- browser = xmalloc (command_len + 1);
+ browser = xmalloc (1);
*browser = '\0';
percent = strchr (command, '%');
while (percent) {
+ size_t len = strlen (browser);
+ browser = xrealloc (browser, len + 1 + (percent - command));
strncat (browser, command, percent - command);
switch (*(percent + 1)) {
case '\0':
case '%':
- strcat (browser, "%");
+ browser = strappend (browser, "%", NULL);
break;
case 'c':
- strcat (browser, ":");
+ browser = strappend (browser, ":", NULL);
break;
case 's':
esc_file = escape_shell (file);
- strcat (browser, esc_file);
+ browser = strappend (browser, esc_file, NULL);
free (esc_file);
found_percent_s = 1;
break;
default:
+ len = strlen (browser); /* cannot be NULL */
+ browser = xrealloc (browser, len + 3);
strncat (browser, percent, 2);
break;
}
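Review bot: The two remaining hand-sized reallocations, `xrealloc (browser, len + 1 + (percent - command))` before the prefix copy and `xrealloc (browser, len + 3)` in the `default:` case, do not state the size invariant they depend on, and a wrong size estimate in this function appears to be what the patch name ties to CVE-2006-4250. Both are correct as written (current length, plus the most `strncat` can copy, plus one for the terminator), so a comment on each is enough: `/* room for the literal text before '%' plus the NUL strncat writes */` on the first and `/* '%', the one character after it, and NUL */` on the second. The existing `/* cannot be NULL */` presumably relies on `xrealloc` and `strappend` aborting on allocation failure rather than returning NULL; their definitions are outside the hunk, so that is worth confirming. make_browser's body continues past this hunk.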
@@ -1830,11 +1833,10 @@ static pipeline *make_browser (const cha
command = percent + 1;
percent = strchr (command, '%');
}
- strcat (browser, command);
+ browser = strappend (browser, command, NULL);
if (!found_percent_s) {
- strcat (browser, " ");
esc_file = escape_shell (file);
- strcat (browser, esc_file);
+ browser = strappend (browser, " ", esc_file, NULL);
free (esc_file);
}